Starting with the Solaris 10 11/06 release, you can, during installation, set the default behavior for network services to run in a much more secure manner. During an interactive installation (hands on), this new security option is provided in the installation configuration selection screens. For automated JumpStart installations (hands off), you can select a restricted network profile by using a new service_profile keyword in the sysidcfg file. This security option is only available for initial installations. An upgrade maintains all previously set services. If necessary, you can restrict network services after an upgrade by using the netservices command.
If you choose to restrict network security, numerous services are fully disabled. Other services are still enabled, but these services are restricted to local connections only. Secure Shell remains available for remote administrative access to the system.
With this restricted networking profile, you reduce your risk of exposure on the Internet or LAN. The system retains full graphical desktop use and outbound network access. For example, you can still access your graphical interface, use browsers or email clients, and mount NFSv4 file shares.
The network services can be enabled after installation by using the netservices open command or by enabling individual services by using SMF commands. See Revising Security Settings After Installation.
For additional information about this security option, see the following references.
Table 2–1 Additional Information About the Limited Network Profile

Description | For More Information |
---|---|
Administer security for network services | How to Create an SMF Profile in System Administration Guide: Basic Administration |
Reopen network services after installation | |
Plan installation configuration | |
Select restricted network security during a hands-on installation | |
Set up restricted network security for a JumpStart installation | service_profile Keyword in Solaris 10 8/07 Installation Guide: Network-Based Installations |
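
The following is an added example, not part of the Solaris documentation: a shell check that classifies the service_profile setting in JumpStart sysidcfg files, so that a profile that omits the keyword, repeats it with different values, or misspells the value is caught before an unattended installation. It assumes the keyword values limited_net and open; the function names, file names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the service_profile setting in a JumpStart sysidcfg file.
# Assumed keyword values: limited_net (restricted profile) and open.

sysidcfg_profile() {
    # $1 = path to a sysidcfg file
    # Prints: restricted | open | unset | conflict | invalid:<value>
    awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "service_profile" {
            val = $2; gsub(/[ \t\r]/, "", val)
            if (n > 0 && val != seen) conflict = 1
            seen = val; n++
        }
        END {
            if (n == 0)                     print "unset"
            else if (conflict)              print "conflict"
            else if (seen == "limited_net") print "restricted"
            else if (seen == "open")        print "open"
            else                            print "invalid:" seen
        }' "$1"
}

write_samples() {
    # $1 = directory; these files are constructed samples, not real site configs
    printf 'system_locale=C\nservice_profile=limited_net\n' > "$1/web.cfg"
    printf 'system_locale=C\nservice_profile=open\n' > "$1/lab.cfg"
    printf 'system_locale=C\ntimezone=US/Pacific\n' > "$1/old.cfg"
    printf 'service_profile=limited_net\nservice_profile=open\n' > "$1/dup.cfg"
    printf 'service_profile=limited\n' > "$1/typo.cfg"
}

audit_dir() {
    # Print one "file: status" line per *.cfg; return 1 if any is not restricted
    rc=0
    for f in "$1"/*.cfg; do
        s=$(sysidcfg_profile "$f")
        echo "$(basename "$f"): $s"
        [ "$s" = restricted ] || rc=1
    done
    return $rc
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_dir "$tmp" || echo "at least one profile does not request limited_net"
rm -rf "$tmp"
```
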
Starting with the Solaris 10 11/06 release, Solaris Trusted Extensions provides multilevel security for the Solaris OS. This feature enables you to control information in a flexible but highly secure manner. You can now enforce strict access controls to your data based on data sensitivity, not just data ownership.
An installation that accesses Solaris Trusted Extensions differs from a standard installation. For a list of these installation differences and further information about Solaris Trusted Extensions, see Installing or Upgrading the Solaris OS for Trusted Extensions in Solaris Trusted Extensions Installation and Configuration.
The flarcreate command no longer has size limitations on individual files. You can create a Solaris Flash archive that contains individual files that are greater than 4 Gbytes. The following two archive utilities are available for use:
- The cpio archive utility is the default. Individual files cannot be greater than 2 or 4 Gbytes. The size limitation depends on the version of cpio used.
- The portable archive interchange utility, pax, is invoked with the -L pax option. If the -L pax option is specified, the archive can be created without size limitations on individual files.
For more information, see Creating an Archive That Contains Large Files in Solaris 10 8/07 Installation Guide: Solaris Flash Archives (Creation and Installation).